The backend part of Pakon (Parental Control for Turris routers), which communicates with the kernel and decides whether packets may be passed on.

Pakon is a parental control system and network traffic filter. It allows
flexible configuration and a wide range of detection. It actually filters the
traffic, unlike most other parental control systems that simply block DNS


This is the backend part that does the heavy lifting. It connects to an nfqueue
and filters the packets (routing them to the nfqueue is a task for iptables).
It is configured through lua files. It exports the active flows through a unix
domain socket.


First, initialize the build system:

  git submodule init
  git submodule update

Then install all relevant dependencies and their headers:

  - Netfilter queue
  - lua 5.1

Then compile:



You can get inspired by the `launch` script. You need to set up iptables to
pass the relevant traffic to it through NFQUEUE. Then you need to pass the
configuration in a lua file. You can also specify how much is logged, through
the environment variables `PAKOND_STDERR_LEVEL` and `PAKOND_SYSLOG_LEVEL`.
These specify which severity (and more severe) is logged to stderr and syslog
respectively. The levels are:

  - DBG
  - INFO
  - WARN

Note that what is logged is also limited by what logging is compiled in with
the `MAX_LOG_LEVEL` make option above.

Furthermore, it is possible to enable an internal logging ringbuffer. If you
run with the `PAKOND_RINGLOG=yes` environment variable set, all the messages
(even the ones that are not output) are stored for some time and are dumped in
case a problem happens. It is recommended to do so when trying to debug a problem.
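
An added sketch of the setup described above, not Pakon's own `launch` script: it goes slightly beyond the text by showing the NFQUEUE rule in fail-closed form and in fail-open form (`--queue-bypass`), which decides what happens to traffic when the daemon is not running. The queue number, binary path and config path are placeholders, and passing the config file as the first argument is an assumption.

```shell
#!/bin/sh
# Added example, not Pakon's launch script. The three values below are
# placeholders (assumptions); take the real ones from the `launch` script.
QUEUE_NUM="${QUEUE_NUM:-0}"                 # assumed queue number
PAKOND_BIN="${PAKOND_BIN:-./pakond}"        # hypothetical binary path
PAKOND_CONF="${PAKOND_CONF:-./config.lua}"  # hypothetical lua config file

# Print the iptables rule that diverts forwarded traffic to the queue.
# $1 = -I (insert) or -D (delete); $2 = closed | open.
#   closed: with no listener on the queue, the kernel drops the packets.
#   open:   --queue-bypass lets packets through unfiltered in that case.
nfqueue_rule() {
    case "$1" in
        -I|-D) ;;
        *) echo "action must be -I or -D" >&2; return 1 ;;
    esac
    case "$2" in
        closed) bypass="" ;;
        open)   bypass=" --queue-bypass" ;;
        *) echo "fail mode must be 'closed' or 'open'" >&2; return 1 ;;
    esac
    echo "iptables $1 FORWARD -j NFQUEUE --queue-num ${QUEUE_NUM}${bypass}"
}

# Install the rule, run the daemon in the foreground, then remove the rule
# so a stopped filter does not leave forwarded traffic blackholed.
run_filter() {
    mode="${1:-closed}"
    add=$(nfqueue_rule -I "$mode") || return 1
    del=$(nfqueue_rule -D "$mode") || return 1
    $add || return 1
    trap : INT   # let Ctrl-C stop the daemon but still reach the cleanup
    PAKOND_STDERR_LEVEL=INFO PAKOND_SYSLOG_LEVEL=WARN PAKOND_RINGLOG=yes \
        "$PAKOND_BIN" "$PAKOND_CONF"
    status=$?
    $del
    return "$status"
}

# Only touch the firewall when explicitly asked to (needs root).
if [ "${1:-}" = "run" ]; then run_filter "${2:-closed}"; fi
```

Fail-closed keeps the filter from being bypassed by a crashed daemon, at the cost of dropping forwarded traffic until it is restarted or the rule is removed.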